Conversation
|
/ci |
packages/content-management/table_list_view_table/src/table_list_view_table.tsx
Outdated
Show resolved
Hide resolved
packages/content-management/table_list_view_table/src/table_list_view_table.tsx
Show resolved
Hide resolved
|
/ci |
packages/content-management/table_list_view_table/src/components/table.tsx
Outdated
Show resolved
Hide resolved
…ana into d/2024-04-05-create-by-filter
|
/ci |
|
/ci |
…ana into d/2024-04-05-create-by-filter
|
/ci |
…eate-by-filter # Conflicts: # packages/content-management/table_list_view_table/src/components/table.tsx
|
/ci |
davismcphee
left a comment
There was a problem hiding this comment.
Code-only review. kbn-content-management-utils changes LGTM 👍
Heenawter
left a comment
There was a problem hiding this comment.
Code review + tested locally. It works great! Left two nits about the "No creators" filter, but nothing blocking 👍
I noticed a small visual issue with an email truncation in a smaller popover. Might be worth a separate issue.
I think it's worth creating a separate issue for the truncation issues:
This is why I decided to keep the created_by filter hidden from the user behind the user picker popover and not expose it to the search bar. The created_by filter is synced into the URL just like the rest of the table state.
I think this is reasonable! I'm not convinced that a URL-state filter is the right move here in the first place, so I think keeping it all client-side is ideal.
| content={ | ||
| <FormattedMessage | ||
| id="contentManagement.tableList.listing.userFilter.emptyMessageTooltip" | ||
| defaultMessage="Creators are assigned when dashboards are created, (for all dashboards created after version 8.14)." |
There was a problem hiding this comment.
Not sure if the comma is supposed to be there?
| defaultMessage="Creators are assigned when dashboards are created, (for all dashboards created after version 8.14)." | |
| defaultMessage="Creators are assigned when dashboards are created (for all dashboards created after version 8.14)." |
packages/content-management/table_list_view_table/src/components/user_filter_panel.tsx
Show resolved
Hide resolved
There was a problem hiding this comment.
Great job, tested locally and works as expected 🎉
Regarding the implementation I would change one thing though.
I would not add the bulkGetUserProfiles prop as we can already create that handler internally. Every consumer passes the CoreStart contract to the table context so we can already fetch the user profile (we need to extend the contract here https://github.com/elastic/kibana/blob/main/packages/content-management/table_list_view_table/src/services.tsx#L76).
What we probably will need are some options to disable the createdBy filter.
I see that we have initialFilter as a string.
We could maybe replace it with a filtersConfig prop?
interface FiltersConfig {
initialValue?: string;
createdByEnabled?: boolean; // default to false
}Regarding tests, I think it would be good to add some component integration tests (inside the "__jest__" folder)
packages/content-management/table_list_view_table/src/components/table.tsx
Outdated
Show resolved
Hide resolved
| } | ||
|
|
||
| // keep the user if it's selected | ||
| if (selectedUsers.includes(user.uid)) return true; |
There was a problem hiding this comment.
Sorry maybe not clear what I meant. 😊 Don't we want to not show the selected users when searching?
There was a problem hiding this comment.
I think it is a better ux. We want to show the selected users while searching even if they don't match, so that the user can unselect without clearing the filter first.
Basically, selected should always stay in the list
|
ACK: will review today (on behalf of the Kibana Platform Security) |
…eate-by-filter # Conflicts: # src/plugins/dashboard/tsconfig.json
azasypkin
left a comment
There was a problem hiding this comment.
Looks good from the security perspective 👍 If you find yourself needing to add the bulkGetUserProfiles API tag in more features, please let us know.
| key: userProfile.uid, | ||
| label: getUserDisplayName(userProfile.user), | ||
| data: userProfile, | ||
| 'data-test-subj': `userProfileSelectableOption-${userProfile.user.username}`, |
There was a problem hiding this comment.
question: any reason we cannot use uid instead of username? I can imagine the case when username might not be unique (same username, different security realms, different uid's).
There was a problem hiding this comment.
it is a bit hacky, but this is what was more convenient in tests, since I know the username, but don't know the u_id of the current user. I guess I can make an API request to fetch it. but not sure it is worth it in this case
There was a problem hiding this comment.
but not sure it is worth it in this case
It's likely not worth it if it's not trivial. I was just not sure what happens if we have duplicated test attributes in prod - I assume nothing?
There was a problem hiding this comment.
nothing! happens relatively often
| export async function loginAsInteractiveUser({ | ||
| getService, | ||
| }: Pick<FtrProviderContext, 'getService'>): Promise<{ | ||
| Cookie: string; | ||
| }> { | ||
| const config = getService('config'); | ||
| const supertest = getService('supertestWithoutAuth'); | ||
|
|
||
| const username = config.get('servers.kibana.username'); | ||
| const password = config.get('servers.kibana.password'); | ||
| const response = await supertest | ||
| .post('/internal/security/login') | ||
| .set('kbn-xsrf', 'xxx') | ||
| .send({ | ||
| providerType: 'basic', | ||
| providerName: 'basic', | ||
| currentURL: '/', | ||
| params: { username, password }, | ||
| }) | ||
| .expect(200); | ||
| const cookie = parseCookie(response.header['set-cookie'][0])!.cookieString(); | ||
|
|
||
| return { Cookie: cookie }; | ||
| } |
There was a problem hiding this comment.
note: not a blocker for this PR, obviously, but it'd be great if we can start embracing testing with non-admin/non-superuser users when possible 🙂 If you're up for it in this or the next PRs, here are the examples: https://github.com/elastic/kibana/blob/main/x-pack/test/security_api_integration/tests/user_profiles/suggest.ts#L17. I'm also happy to guide if you have any questions or issues with that.
Having said that, glad to see more functional and API integration tests with changes like that. Good job!
There was a problem hiding this comment.
Thanks, I'll take a look
There was a problem hiding this comment.
Is this also prefered for functional tests?
There was a problem hiding this comment.
Yes, definitely. Ideally, relying on specially crafted roles should be our default choice everywhere. And if it's not easy for some reason, we (Kibana Platform Security and Kibana QA) should make it simpler. This would help us to see, use, and test Kibana how most of our users see and use it, and sometimes it's not that pretty because we don't care enough about people with limited privileges - security accessibility, so to say.
|
@elasticmachine merge upstream |
…ana into d/2024-04-05-create-by-filter
sebelga
left a comment
There was a problem hiding this comment.
LGTM! 👍 Thanks for addressing the changes
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Page load bundle
Unknown metric groupsAPI count
History
To update your PR or re-run it, just comment with: cc @Dosant |
Part of https://github.com/elastic/kibana-team/issues/769
Summary
This PR adds a "created by" filter to the dashboard listing page. We've added the created_by field recently here so only newly created by interactive users dashboards will be populated with
created_byDemo
Implementation notes
Suggesting users
We suggest only the users that have at least one dashboard. We do this by aggregating dashboard saved objects by
created_by. Because we don't have server-side pagination or sorting yet, in this initial version, I decided to do this client-side to keep it as simple as possible for now.Initially, I did this server-side inside a dashboard plugin as an internal API route. In the long term, this should probably be moved to content management in some form, but it is not clear how it should look yet. This is the commit where I reverted and moved it to client-side 06316ee
Clint side filtering
The user filter is simply a client-side filter because we anyway currently have an in-memory table with client-side sorting and pagination. There is no much practical value in server-side filter atm
The filter allows to filter-in by multiple users. It also allows to filter items without creators
created_byfilter isn't part of the query stringI introduced a separate state for this filter, similar to
tableSortandpagination. The reason why thecreated_byfilter isn't a part of thesearchQueryis because we useprofile_idwhich looks ugly for the user, e.g.u_mGBROF_q5bmFCATLXAcCwKa0k8JvONAwSruelyKA5E_0so we can't just add it to a user-facing search query like we do with tags.profile_idis the correct identified we should use,usernamemight not be enough in some cases +usernamein cloud is unreadble account number. The best alternative could be email, but it isn't always available. This is why I decided to keep thecreated_byfilter hidden from the user behind the user picker popover and not expose it to the search bar. Thecreated_byfilter is synced into the URL just like the rest of the table state.No distinguishing the current user
There is no logic in place that somehow highlights or renames the current user in the filter. This can be added, but to limit the scope of the MVP I didn't do it.
User filter component
We use the
UsersProfilePopoverprovided by the security team. We use it without any overrides, so the component decides how to show users in a popover. I noticed a small visual issue with an email truncation in a smaller popover. Might be worth a separate issue.Testing
Next Steps
The next step would be to add a column with the user:
Release notes
The dashboard listing page now allows filtering dashboards by creators for dashboards created after version 8.14